MODERATE SEVERITYSpyware

SpyFone Data Breach

SpyFone Mobile Stalkerware Breach (2018): 44K Accounts Exposed :: Audio Recordings, SMS Messages & Photos of Monitored Targets Made Public

Mobile stalkerware platform capturing communications and device activity.

Verified by ObscureIQ Intelligence

X in f @

5.5Severity

44KRecords

11Fields

2018Year

ObscureIQ Breach Intelligence Scores

6.3

Breach Risk Index

Data Value

Market Recency

2803

days

Since Breach

⚡ Risk Interpretation

Extremely sensitive. Exposure can reveal victims, operators, and surveillance patterns, enabling stalking, coercion, and serious privacy and safety harms.

🎯 Impact & Downstream Threats

The institutional impact on Support King and CEO Scott Zuckerman has been substantial and effectively terminal. The September 1, 2021 FTC consent order permanently banned both the company and its CEO from offering, promoting, selling, or advertising any surveillance product or service anywhere in the United States. The 2025 FTC denial of the petition to vacate confirms the ongoing enforcement of the ban. Support King was required to delete all illegally collected data and to notify affected devi

Primary downstream threats:

Credential stuffing against reused passwords across other platforms
Targeted phishing campaigns using exposed email addresses
Doxxing risk from physical address exposure

🔓 Threat Vectors

Extortion & preference exploitation

Voiceprint cloning & AI-assisted fraud

Device fingerprinting & targeted exploitation

Phishing, credential stuffing & account takeover

Name-based social engineering

Pattern-of-life analysis & physical surveillance

Device cloning & SIM swap facilitation

Geolocation & account flagging

SIM swap confirmation & relationship exploitation

Credential stuffing & account takeover

Deepfake & identity document fraud

Facial recognition & physical identification

📋 Breach Intelligence

EntitySpyFone

Organization • Global

Breach Date2018-08-01

HIBP Added2018-08-24

Records~44K (44,100 records)

Attack VectorMisconfiguration

Threat ActorAnonymous researcher (FTC enforcement followed)

SourceHave I Been Pwned / ObscureIQ ↗

SensitivityStalkerware

Breach ID1226.0

StatusConfirmed

📝 Executive Summary

SpyFone, a mobile stalkerware application operated by Puerto Rico-based Support King, LLC, suffered a data breach in August 2018 when a security researcher discovered that SpyFone had left several terabytes of data harvested from more than 3,600 monitored devices publicly accessible via a misconfigured Amazon Web Services S3 storage bucket. The exposed data was the surveillance content collected from devices on which SpyFone customers had installed the application. The same researcher discovered that SpyFone's backend services could be accessed without credentials and that arbitrary administrative accounts could be created against the customer database. The breach was indexed by Have I Been Pwned on August 24, 2018.

The breach affected approximately 44,100 unique customer email addresses based on records indexed by Have I Been Pwned, and approximately 2,200 individuals whose personal information was accessed by the attacker according to the FTC's subsequent investigation. Compromised customer fields included email addresses, names, IP addresses, geographic locations, browsing histories, IMEI device identifiers, and passwords stored in plaintext. Critically, the breach also exposed the surveillance content captured from the monitored target devices including photos, audio recordings, text messages, browsing histories, and GPS location data covering thousands of individuals who were being secretly monitored without their knowledge. SpyFone publicly promised to investigate the breach with an outside data security firm and law enforcement, but the FTC's subsequent investigation concluded that SpyFone failed to follow through on those promises.

For surveillance targets and customers alike, the practical risk profile is exceptionally severe and varies between the two populations. For surveillance targets (the people whose devices were being secretly monitored), the breach exposed live and historical device data that may have been collected without their knowledge or consent, with the U.S. National Domestic Violence Hotline (1-800-799-7233) and the Coalition Against Stalkerware providing resources for individuals who suspect they may have been monitored. Affected device owners may have received an FTC-mandated notification from Support King under the 2021 consent order alerting them that their devices were monitored and may not be secure. For customers (the people who purchased SpyFone to surveil others), the breach exposed their identification as someone who purchased and used surveillance software, with potential employment, relationship, and legal consequences depending on the jurisdiction and the consent status of the surveillance target. Customers should change all reused passwords on other accounts because the plaintext password exposure means any account where the same password was reused is fully compromised. The U.S. Wiretap Act and the Computer Fraud and Abuse Act may apply to customers whose use of SpyFone constituted unauthorized surveillance of devices they did not own or were not authorized to monitor.

🏢 About SpyFone

SpyFone was a mobile stalkerware application operated by Support King, LLC, a Puerto Rico-based company under the leadership of CEO Scott Zuckerman. SpyFone was marketed as a tool for parental monitoring and employee surveillance, with prices starting at approximately $99.95 per year and an 'Extreme' subscription tier that included remote camera control, microphone activation, and call recording capabilities. The application required physical installation on Android target devices with security restriction bypass, and certain monitoring features (such as email monitoring) required the target device to be 'rooted.' SpyFone provided customers with explicit instructions on how to hide the application so that the device user remained unaware of the surveillance. As a stalkerware platform, SpyFone collected and stored extensive surveillance data from monitored devices including photos, audio recordings, text messages, browsing histories, GPS locations, IMEI device identifiers, and contacts.

Spyware / Stalkerware | Covert device monitoring and surveillance | Mobile spyware platform | Global

Global* defunct spyfone.com

🗂 Why They Hold Your Data

Mobile spyware platforms collect customer records, target-device identifiers, monitoring settings, and exfiltrated activity data tied to covert surveillance workflows.

📰 Recent Developments

SpyFone is now defunct. Following the 2018 breach, the U.S. Federal Trade Commission brought an enforcement action against Support King, LLC and CEO Scott Zuckerman, resulting in a final consent order on September 1, 2021 that became the first FTC ban of a stalkerware company from the surveillance industry (after the agency's 2019 Retina-X enforcement action which banned the sale of three specific Retina-X applications without imposing a full surveillance-business ban). The FTC order required Support King and Zuckerman to delete all illegally collected data, notify affected device owners, and permanently exit the surveillance industry. In 2025, the FTC denied a petition to vacate or modify the 2021 order. The case has been formally cited in Coalition Against Stalkerware advocacy commentary and in subsequent FTC stalkerware enforcement actions as setting the precedent for full surveillance-industry bans rather than product-specific restrictions.

🔍 Data Points Exposed

11 verified field types:

Audio recordings

Browsing histories

Device information

Geographic locations

IMEI numbers

IP addresses

Names

Passwords

Photos

SMS messages

Exposure Categories

LocationGEO LOCS

Canonical Fields

activity_history:browsing_history, audio_recording, device_information, email_address, full_name, geographic_locations, imei, ip_address, messages_and_chat:sms_message, password, profile_photo:general_photo